{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42898", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T13:19:05.317Z", "dateReserved": "2022-10-13T00:00:00", "datePublished": "2022-12-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-08T08:06:38.475643"}, "descriptions": [{"lang": "en", "value": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\""}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://web.mit.edu/kerberos/advisories/"}, {"url": "https://www.samba.org/samba/security/CVE-2022-42898.html"}, {"url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"}, {"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"}, {"url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"}, {"url": "https://web.mit.edu/kerberos/krb5-1.19/"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"}, {"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"url": "https://security.netapp.com/advisory/ntap-20230223-0001/"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}, {"name": "GLSA-202310-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-06"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:19:05.317Z"}, "title": "CVE Program Container", "references": [{"url": "https://web.mit.edu/kerberos/advisories/", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2022-42898.html", "tags": ["x_transferred"]}, {"url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", "tags": ["x_transferred"]}, {"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", "tags": ["x_transferred"]}, {"url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", "tags": ["x_transferred"]}, {"url": "https://web.mit.edu/kerberos/krb5-1.19/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=15203", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230216-0008/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230223-0001/", "tags": ["x_transferred"]}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-06"}, {"name": "GLSA-202310-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202310-06"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DDDCA5D-623C-47CD-A5D3-BD16A066BEBC", "versionEndExcluding": "1.19.4", "versionStartIncluding": "1.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.20:-:*:*:*:*:*:*", "matchCriteriaId": "C4D88C23-3917-4891-B9D0-694FCC55B6A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.20:beta1:*:*:*:*:*:*", "matchCriteriaId": "BEDE8B47-EBE0-487C-A52A-8D5F0F5AD851", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*", "matchCriteriaId": "537FE65E-6E3F-4441-8B35-7B48214EA04D", "versionEndExcluding": "7.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "659BA682-BA94-493F-8EE1-235661CC958D", "versionEndExcluding": "4.15.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D8363DE-B7A3-409B-A485-29B4FA053BFB", "versionEndExcluding": "4.16.7", "versionStartIncluding": "4.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "663B7A0D-CCBB-4EDC-A0E3-97F03E636BD2", "versionEndExcluding": "4.17.3", "versionStartIncluding": "4.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\""}, {"lang": "es", "value": "El an\u00e1lisis sint\u00e1ctico de PAC en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) antes de 1.19.4 y 1.20.x antes de 1.20.1 tiene desbordamientos de enteros que pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo (en KDC, kadmind, o un servidor de aplicaciones GSS o Kerberos) en plataformas de 32 bits (que tienen un desbordamiento de b\u00fafer resultante), y causar una denegaci\u00f3n de servicio en otras plataformas. Esto ocurre en krb5_pac_parse en lib/krb5/krb/pac.c. Heimdal antes de 7.7.1 tiene \"un bug similar\"."}], "id": "CVE-2022-42898", "lastModified": "2024-11-21T07:25:33.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-25T06:15:09.427", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202310-06"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230223-0001/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://web.mit.edu/kerberos/advisories/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://web.mit.edu/kerberos/krb5-1.19/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.samba.org/samba/security/CVE-2022-42898.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202310-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230223-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://web.mit.edu/kerberos/advisories/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://web.mit.edu/kerberos/krb5-1.19/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.samba.org/samba/security/CVE-2022-42898.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:8663", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "krb5-0:1.10.3-66.el6_10", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2022-11-29T00:00:00Z"}, {"advisory": "RHSA-2022:8640", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "krb5-0:1.15.1-55.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-11-28T00:00:00Z"}, {"advisory": "RHEA-2023:3850", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "krb5-0:1.18.2-25.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-06-27T00:00:00Z"}, {"advisory": "RHSA-2022:8638", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "krb5-0:1.18.2-22.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-28T00:00:00Z"}, {"advisory": "RHSA-2022:8641", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "krb5-0:1.17-10.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-11-28T00:00:00Z"}, {"advisory": "RHSA-2022:8648", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "krb5-0:1.17-19.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2022-11-28T00:00:00Z"}, {"advisory": "RHSA-2022:8648", "cpe": "cpe:/o:redhat:rhel_tus:8.2", "package": "krb5-0:1.17-19.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2022-11-28T00:00:00Z"}, {"advisory": "RHSA-2022:8648", "cpe": "cpe:/o:redhat:rhel_e4s:8.2", "package": "krb5-0:1.17-19.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2022-11-28T00:00:00Z"}, {"advisory": "RHSA-2022:8639", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "krb5-0:1.18.2-9.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-11-28T00:00:00Z"}, {"advisory": "RHSA-2022:8662", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "krb5-0:1.18.2-15.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2022-11-29T00:00:00Z"}, {"advisory": "RHSA-2022:8637", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "krb5-0:1.19.1-24.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-28T00:00:00Z"}, {"advisory": "RHSA-2022:8637", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "krb5-0:1.19.1-24.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-28T00:00:00Z"}, {"advisory": "RHSA-2022:8669", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "krb5-0:1.19.1-16.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-11-29T00:00:00Z"}, {"advisory": "RHSA-2022:9029", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.3-202212070734_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-12-14T00:00:00Z"}], "bugzilla": {"description": "krb5: integer overflow vulnerabilities in PAC parsing", "id": "2140960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140960"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash."], "name": "CVE-2022-42898", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Storage 3"}], "public_date": "2022-11-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-42898\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42898\nhttps://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html"], "statement": "Samba in RHEL does not implement the AD DC role and is not built against Heimdal, thus Samba is not affected by this CVE.", "threat_severity": "Important", "upstream_fix": "krb5 1.20.1, krb5 1.19.4"}